National Intelligence Estimate Names China as Top Threat

Earlier this month, SecurityWeek reported on the AP report citing two U.S. officials that claimed a National Intelligence Estimate (NIE) report would detail the economic impact China’s alleged cyber campaigns have had on the nation. The Washington Post has published additional information on the report, obtained from sources with direct access to the sensitive report.

As mentioned earlier this month, the NIE reflects the views of the nation’s intelligence agencies. According to a source who spoke to the Post on the condition of anonymity, cyber-espionage is “just so widespread that it’s known to be a national issue at this point.”

Previously the concern of the intelligence community and military, the topic of digital warfare and espionage has moved in to a financial concern. The report from the Post says the NIE describes a wide range of segments that have been targeted by alleged state-sponsored attacks, including the energy, finance, aerospace and automotive sectors.

According to the Washinton Post’s report, the NIE names Russia, Israel, and France as having engaged in hacking for economic intelligence, but clearly explains that the volume from those nations pales in comparison to China’s efforts.

“China’s intelligence services, as well as private companies, frequently seek to exploit Chinese citizens or people with family ties to China who can use their insider access to U.S. corporate networks to steal trade secrets using thumb drives or e-mail,” the Post story explains.

Word of the NIE report came a few days before President Obama signed an executive order related to cybersecurity, aimed at better protecting critical infrastructure from cyberattack.

During his State of the Union address to Congress on Tuesday, Obama, said the nation faces a "rapidly growing threat from cyberattacks."

"We know foreign countries and companies swipe our corporate secrets...Now our enemies are also seeking the ability to sabotage our power grid, our financial institutions and our air traffic control systems," he said.

The directive calls for voluntary reporting of threats to infrastructure, but stops short of mandating that information be shared.

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.